 Hello and welcome to this session in which we will discuss compliance attestation. Compliance attestation is part of the statements on standards for attestation engagement which what we've been working with in this chapter and just to review real quick we have three level of service we could have an examination engagement, review engagement, agreed upon procedures and we can have those applied to various subject matters such as prospective financial information which we already completed reporting on pro forma financial information which we already completed today we're going to be discussing in compliance attestation so compliance attestation is part of this process it's a subject matter now what can we do with compliance attestation so we can do an examination review or agreed upon procedure those are the level of services for compliance attestation we can do examination and notice here there's a trend there's always you can always do an examination can you do a review matter of fact you cannot do a review on compliance attestation matter of fact once again it's clearly stated in the literature that you cannot do a review on compliance attestation and you could also do agreed upon procedures so for compliance attestation examination and agreed upon procedures now you might be saying why am I keep on repeating myself believe it or not many questions about attestation engagements on the CPA exam are derived from this table or understanding this table also will help you understand how to answer the questions now I just want to clarify that we are not dealing with report on in compliance in connection with the financial statement audit this is for another lesson and we are not dealing about a report on compliance and internal control over compliance as part of a single audit engagement that's also another lesson this is the single audit federal assistant program so we are dealing with compliance attestation that deals with the statements on standards for attestation engagement the first term we want to learn about is compliance with a specified requirement what does that mean once once you see that statement it means the entities is in compliance with the specified laws regulation rules contract grant or whatever that topic is so they are in compliance compliance attestation engagement could take two forms you can have a compliance with a specified requirement whatever that specified requirement is could be specified to laws regulation rules contract or agreed upon procedures related to internal control over compliance so just make sure once you see the internal control just its internal control over the compliance just make sure you're aware of this so the practitioner and could be engaged to report could report on three things basically directly on the subject matter let's assume you have a contract that's the subject matter are they in compliance with the subject matter or assertions about the subject matter management is making certain assertion or on the internal control over compliance simply put one and two is related to one and two is two basically but you can report on the subject matter as well as the assertions about the subject matter now bear in mind the practitioners compliance report don't have any legal power now why do I mention this because sometime on the CPA exam they'll try to trick you into making you believe the answer is somehow illegal this compliance report has legal authority it does not before we proceed any further I have a public announcement about my company forehead lectures dot com forehead accounting lectures is a supplemental educational tool that's going to help you with your CPA exam preparation as well as your accounting courses my CPA material is aligned with your CPA review course such as becker roger wiley gleam miles my accounting courses are aligned with your accounting courses broken down by chapter and topics my resources consist of lectures multiple choice questions true false questions as well as exercises go ahead start your free trial today no obligation no credit card required now there are preconditions for both examinations and agreed upon procedures before you start management should accept responsibility for compliance you're not going to do an examination if the party that's asking you to do an examination is not taking responsibility for this also management accept responsibility for the entity's internal control over compliance so simply put if you're gonna examine or do any agreed upon procedures they have to take responsibility now man I said management it's the responsible party but we're gonna say management you know for ease evaluate also management evaluate the entity's compliance with specified requirements also the management did some compliance evaluate the compliance and no written assertions about those no compliance engagement simply put you will not go into performing an examination if the party that's asking you to do what they don't give you any written assertions for agreed upon procedures let's be a little bit more specific agreed upon procedures we can have agreed them agreed upon procedures on compliance with specific requirements wherever those requirements are or we can have it on the entity's internal control over compliance with specified requirement or we could have it on both basically the agreed upon procedures to do both the compliance with the specified requirement and the internal control over the compliance which is why not let's have really everything covered so remember in an aup agreed upon procedures you have findings that's what you report your report findings what for well what do you think it's for well to help the users in evaluating the the entity's compliance with specified requirements so basically to meet number one or to help the entity's internal control determine whether they are they have an internal control over compliance to deal with two which is basically we're saying the same thing just kind of reinforcing this concept remember agreed upon procedures is between specific parties it could be two it could be three parties but it's specific parties so what you do how do you carry the procedures you follow the agreement whatever the agreement is what you're supposed to do and you limit your restrict the report to the specified parties because it is by nature every time you hear agreed upon procedures remember it's limited it's restricted by its nature it's agreed upon between two parties the practitioner and someone else you could have a third party but that you would restrict it also to that third party assume in the third party agrees to what we are doing an examination again it has a higher level of assurance examination can be done on the entity's compliance with laws regulation contract or grant or assertions about the compliance with specific requirement so it's either the subject matter or the assertions again you have to have preconditions we mentioned the preconditions the responsibility of management but for examination we have a fourth condition and that's we can obtain sufficient appropriate evidence to support management assertion or assertions again examination we have to be aware of this and in examination we give an opinion to give an opinion you need to have sufficient appropriate evidence so if management cannot provide the sufficient appropriate evidence to support the opinion then we cannot carry an examination so that's a little bit different than it agreed upon procedures and in examination procedures first we have to understand the compliance requirement what are we do what are we complying with regulation contract rules regulation that's the first thing review the prior engagement if it's available in any regulatory reports if that's what you are working with ask or inquire with appropriate personnel talk to the people who are responsible of the of the of this process of the subject matter perform risk assessment and design step to address those risks obtain a written representation letter or written representation and document all the steps above it's very important to understand what goes on a representation letter basically a recap of everything that we did so basically representation letter is management telling us in their own words management is responsible for the internal control over compliance management performed evaluation on on the entities of the entity's compliance with internal control the management disclosed all known non-compliance made all relevant documents available provided information about communication with any relevant parties such as regulatory agencies internal auditors and other practitioners this way management is coming clean just made they tell us they did they gave us everything that will make our life easy to carry that compliance because we want to protect ourselves because of the management don't take responsibility or will hide anything then we are at risk of missing something so we want to make sure they come out and they tell us those things now the best way to kind of summarize all of this is to look at reports maybe one for an examination one for an agreed upon procedures to wrap it up because a report is the end product and in the end product basically would recap everything but it will be formal one page recapping everything so this way you'll understand in an actual example what the end product would look like whether it's an examination or an agreed upon procedures and what should you do now go to far hat lectures and work mcqs to understand this concept better those could be easy cpa questions don't shortchange yourself take it seriously good luck study hard and stay safe